
pi its corresponding unique ID. Appendix B shows an example application 

HelloSmartCard.java, with a table below illustrating the IDs corresponding to the strings 
found in the constant pool of the class file for this application. The IDs used for this 
example are 16-bit unsigned integers.— 

In the Drawings: 

A Proposed Drawing Amendment for Approval by the Examiner accompanies this 
communication. The proposed corrections to Figs. 4, 16 & 18 are marked in red ink on 
copies of the original drawings. 

In the Claims: 




Please cancel Claims without prejudice. 




Please add the following new claims: 




145. A microcontroller comprising: 

a memory storing: 

a derivative application derived from an application having a class 
file format wherein the application is derived from an application having a 
class file format by first compiling the application having a class file 
format into a compiled form and then converting the compiled form into a 
converted form, and 

an interpreter configured to interpret applications derived from 
applications having a class file format; and 

a processor coupled to the memory, the processor configured to use the 
interpreter to interpret the derivative application for execution. 

146. The microcontroller of claim 145, further comprising: 
a communicator configured to communicate with a terminal. 

S*4T. The microcontroller of claim >47, wherein the terminal has a card reader and the 
communicator comprises a contact for communicating with the card reader. 

^£4$. The microcontroller of claim >47, wherein the terminal has a wireless 
communicator and wireless transceiver for communicating with the wireless 
communication device. 

149. The microcontroller of claim M7 5 wherein the terminal has a wireless 
communication device and the communicator comprises a wireless transmitter for 
communicating with the wireless communication device. 



The microcontroller of claim wherein the class file format comprises a Java 
class file format. 

^>§T. A microcontroller having a set of resource constraints and comprising: 
a memory, and 

an interpreter loaded in memory and operable within the set of resource 
constraints, 

the microcontroller having: at least one application loaded in the memory to be 
interpreted by the interpreter, wherein the at least one application is generated by 
a programming environment comprising: 

a) a compiler for compiling application source programs written in high 
level language source code form into a compiled form, and 

b) a converter for post processing the compiled form into a minimized 
form suitable for interpretation within the set of resource constraints by 
the interpreter. 

^i#2. The microcontroller of Claim 151, wherein the compiled form includes attributes, 
and the converter comprises a means for including attributes required by the interpreter 
while not including the attributes not required by the interpreter. 




The microcontroller of Claim >5T wherein the compiled form is in a standard Java 
class file format and the converter accepts as input the compiled form in the standard 
Java class file format and produces output in a form suitable for interpretation by the 
interpreter. 

The microcontroller of Claim .^rT wherein the compiled form includes associating 
an identifying string for objects, classes, fields, or methods, and the converter comprises 
a means for mapping such strings to unique identifiers. 

The microcontroller of Claim ^T wherein each unique identifier is an integer. 

The microcontroller of Claim J-S^f wherein the mapping of strings to unique 
identifiers is stored in a string to identifier map file. 

The microcontroller of Claim J-ST wherein the high level language supports a 
first set of features and a first set of data types and the interpreter supports a subset of the 
first set of features and a subset of the first set of data types, and wherein the converter 
verifies that the compiled form only contains features in the subset of the first set of 
features and only contains data types in the subset of the first set of data types. 

<Ay6. The microcontroller of Claim J£4 wherein the compiled form is in a byte code 
format and the converter comprises means for translating from the byte codes in the 
compiled form to byte codes in a format suitable for interpretation by the interpreter by: 



using at least one step in a process including the steps: 

a) recording all jumps and their destinations in the original byte codes; 

b) converting specific byte codes into equivalent generic byte codes or vice-versa; 

c) modifying byte code operands from references using identifying strings to 
references using unique identifiers; and 

d) renumbering byte codes in the compiled form to equivalent byte codes in the 
format suitable for interpretation; and 
relinking jumps for which destination address is effected by conversion step a), b), c), or 

Ad9. The microcontroller of Claim 151 wherein the application program is compiled 
into a compiled form for which resources required to execute or interpret the compiled 
form exceed those available on the microcontroller. 

^kSTJ. The microcontroller of Claim JI-ST wherein the compiled form is designed for 
portability on different computer platforms. 

^KST. The microcontroller of Claim J-ST wherein the interpreter is further configured to 
determine, during an interpretation of an application, whether the application meets a 
security criteria selected from a set of rules containing at least one rule selected from the 
set: 

not allowing the application access to unauthorized portions of memory, 
not allowing the application access to unauthorized microcontroller 
resources, 

wherein the application is composed of byte codes and checking a 
plurality of byte codes at least once prior to execution to verify that 
execution of the byte codes does not violate a security constraint. 

The microcontroller of Claim J^f- wherein one application program is 
generated by a process including the steps of: 

prior to loading the application verifying that the application does not 
violate any security constraints; and 
loading the application in a secure manner. 

J&$? The microcontroller of Claim j&Z wherein the step of loading in a secure manner 
comprises the step of: 

verifying that the loading identity has permission to load applications onto the 
microcontroller. 

T^4. The microcontroller of Claim J#2 wherein the step of loading in a secure manner 
comprises the step of: 

encrypting the application to be loaded using a loading key. 

A method of programming a microcontroller having a memory and a processor 
operating according to a set of resource constraints, the method comprising the steps of: 

inputting an application program in a first programming language; 

compiling the application program in the first programming language into a first 
intermediate code associated with the first programming language, wherein the first 
intermediate code being interpretable by at least one first intermediate code virtual 
machine; 

converting the first intermediate code into a second intermediate code; wherein 
the second intermediate code is interpretable within the set of resource constraints by at 
least one second intermediate code virtual machine; and 

loading the second intermediate code into the memory of the microcontroller. 

The method of programming a microcontroller of Claim 165 wherein the step of 
converting further comprises: 

associating an identifying string for objects, classes, fields, or methods; and 

mapping such strings to unique identifiers. 

*-+*r7^ The method of Claim J-6(T wherein the step of mapping comprises the step of 
mapping strings to integers. 

JkftT The method of Claim 165 wherein the step of converting comprises at least one of 
the steps of: 

a) recording all jumps and their destinations in the original byte codes; 

b) converting specific byte codes into equivalent generic byte codes or vice-versa; 

c) modifying byte code operands from references using identifying strings to 
references using unique identifiers; 

d) renumbering byte codes in a compiled format to equivalent byte codes in a format 
suitable for interpretation; and 

e) relinking jumps for which destination address is effected by conversion step a), 
b), c), d). 

The method of Claim J^S wherein the step of loading the second intermediate 
code into the memory of the microcontroller further comprises checking the second 
intermediate code prior to loading the second intermediate code to verify that the second 
intermediate code meets predefined integrity check and that loading is performed 
according to a security protocol. 

^Ttl The method of Claim J-ov wherein the security protocol requires that a particular 
identity must be validated to permit loading prior to the loading of the second 
intermediate code. 

^n\. The method of Claim HSv further characterized by providing a decryption key and 
wherein the security protocol requires that the second intermediate code is encrypted 
using a loading key corresponding to the decryption key. 

Jrtt. A microcontroller operable to execute derivative programs which are derivatives 
of programs written in an interpretable programming language having a memory and an 
interpreter, the microcontroller comprising: 

(a) the microcontroller operating within a set of resource constraints including the 
memory being of insufficient size to permit interpretation of programs written in 
the interpretable programming language; and 

(b) the memory containing an interpreter operable to interpret the derivative programs 
written in the derivative of the interpretable language wherein a derivative of a 
program written in the interpretable programming language is derived from the 
program written in the interpretable programming language by applying at least 
one rule selected from a set of rules including: 

(1) mapping strings to identifiers; 
(2) performing security checks prior to or during interpretation; 
(3) performing structural checks prior to or during interpretation; and 
(4) performing semantic checks prior to or during interpretation. 

J^j. The microcontroller of Claim 172 wherein the derivative programs are class files 
or derivatives of class files. 

The microcontroller of Claim >?2 further comprising: 
the memory containing less than 1 megabyte of storage. 

The microcontroller of Claim J^f wherein the security checks the microcontroller 
is further comprising: 

(c) logic to receive a request from a requester to access one of a plurality of 
derivative programs; 

(d) after receipt of the request, determine whether the one of a plurality of derivative 
programs complies with a predetermined set of rules; and 

(e) based on the determination, selectively grant access to the requester to the one of 
the plurality of applications. 

The microcontroller of Claim J-?5f wherein the predetermined rules are enforced 
by the interpreter while the derivative program is being interpreted by determining 
whether the derivative program has access rights to a particular part of memory the 
derivative program is attempting to access. 

JJh. The microcontroller of Claim >?2 further wherein the microcontroller is 
configured to perform at least one security check selected from the set having the 
members: 

(a) enforcing predetermined security rules while the derivative program is being 
interpreted, thereby preventing the derivative program from accessing 
unauthorized portions of memory or other unauthorized microcontroller 
resources, 

(b) the interpreter being configured to check each bytecode at least once prior to 
execution to determine that the bytecode can be executed in accordance with 
pre-execution and post-execution checks, and 

(c) the derivative program is checked prior to being loaded into the microcontroller to 
verify the integrity of the derivative program and loading is performed according 
to a security protocol. 

^^TST The microcontroller of Claim HfT' wherein the security protocol requires that a 
particular identity must be validated to permit loading a derivative program onto a card. 

J&tf The microcontroller of Claim 177 further comprising a decryption key wherein 
the security protocol requires that a derivative program to be loaded is encrypted using a 
loading key corresponding to the decryption key. 

180. The microcontroller of Claim >?K wherein the microcontroller is configured to 
provide cryptographic services selected from the set including encryption, decryption, 
signing, signature verification, mutual authentication, transport keys, and session keys. 

J&T The microcontroller of Claim J^?2 further comprising a file system and wherein 
the microcontroller is configured to provide secure access to the file system through a 
means selected from the set including: 

(a) the microcontroller having access control lists for authorizing reading from a file, 
writing to a file, or deletion of a file, 

(b) the microcontroller enforcing key validation to establish the authorized access to a 
file, and 

(c) the microcontroller verifying card holder identity to establish the authorized 
access to a file. 

An integrated circuit card for use with a terminal, comprising: 

a communicator configured to communicate with the terminal; 

a memory storing: 

an application derived from a program written in a high level 
programming language format wherein the application is derived from a 
program written in a high level programming language format by first 
compiling the program into a compiled form and then converting the 
compiled form into a converted form, the converting step including 
modifying byte code operands from references using identifying strings to 
references using unique identifiers; and 

an interpreter operable to interpret such an application derived 
from a program written in a high level programming language format; and 

a processor coupled to the memory, the processor configured to use the 
interpreter to interpret the application for execution and to use the communicator 
to communicate with the terminal. 



The integrated circuit card of Claim J^ wherein the converting step further 
comprises: 

recording all jumps and their destinations in the original byte codes; 
converting specific byte codes into equivalent generic byte codes or vice-versa; and 

renumbering byte codes in a compiled format to equivalent byte codes in a 
format suitable for interpretation. 

A method for use with an integrated circuit card and a terminal, comprising: 

storing an interpreter operable to interpret programs derived from 
programs written in a high level programming language and an application 
derived from a program written in a high level programming language format in a 
memory of the integrated circuit card wherein the application is derived from a 
program written in a high level programming language format by first compiling 
the program into a compiled form and then converting the compiled form into a 
converted form, the converting step including modifying byte code operands from 
references using identifying strings to references using unique identifiers; and 

using a processor of the integrated circuit card to use the interpreter to 
interpret the application for execution; and 

using a communicator of the card when communicating between the 
processor and the terminal. 

185. The method of Claim 4*8^ wherein the converting step further comprises: 

recording all jumps and their destinations in the original byte codes; 
converting specific byte codes into equivalent generic byte codes or vice-versa; and 

renumbering byte codes in a compiled format to equivalent byte codes in a 
format suitable for interpretation. 



JJL&f An integrated circuit card for use with a terminal, comprising: 

a communicator configured to communicate with the terminal; 

a memory storing: 

applications, each application derived from applications having a 
high level programming language format, and 

an interpreter operable to interpret applications derived 
from applications having a high level programming 
language format wherein the application is derived from a 
program written in a high level programming language 
format by first compiling the program into a compiled form 
and then converting the compiled form into a converted 
form, the converting step including modifying byte code 
operands from references using identifying strings to 
references using unique identifiers; and 

a processor coupled to the memory, the processor configured to: 

a.) use the interpreter to interpret the applications for execution, 

b.) use the interpreter to create a firewall to isolate the applications 
from each other, and 

c.) use the communicator to communicate with the terminal. 

1ST. The integrated circuit card of Claim JStf wherein the interpreter is further 
operable to interpret applications derived using a converting step including: 

recording all jumps and their destinations in the original byte codes; 

converting specific byte codes into equivalent generic byte codes or vice-versa; and 

renumbering byte codes in a compiled format to equivalent byte codes in a 
format suitable for interpretation. 

Jr%$. A microcontroller operable to execute derivative programs which are derivatives 
of programs written in an interpretable programming language having a memory and an 
interpreter, the microcontroller comprising: 

the microcontroller operating within a set of resource constraints including 
the memory being of insufficient size to permit interpretation of programs written 
in the interpretable programming language; and 
the memory containing an interpreter operable to interpret the derivative programs 
written in the derivative of the interpretable language wherein a derivative of a 
program written in the interpretable programming language is derived from the 
program written in the interpretable programming language by mapping strings to 
identifiers.— 
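
The conversion steps a) through e) recited in the claims above (recording jumps, converting specific byte codes to generic ones, replacing identifying strings with unique 16-bit identifiers, renumbering byte codes, and relinking jumps), worked through as an added Python example that is not part of the application or its appendices. The toy opcode names, sizes, new opcode numbers and the sample method string are assumptions made for illustration.

```python
import struct

# Toy instruction set, assumed for illustration (not the application's real opcodes).
SPECIFIC = {"iload_0": ("iload", 0), "iload_1": ("iload", 1)}  # step (b)
OLD_SIZE = {"iload_0": 1, "iload_1": 1, "return": 1,
            "ifeq": 3, "goto": 3, "invokestatic": 3}
NEW_OPCODE = {"iload": 1, "invokestatic": 2, "goto": 3, "ifeq": 4, "return": 5}  # (d)
NEW_SIZE = {"iload": 2, "invokestatic": 3, "goto": 3, "ifeq": 3, "return": 1}
JUMPS = {"goto", "ifeq"}

def addresses(names, sizes):
    """Byte address of each instruction for the given per-opcode sizes."""
    out, pc = [], 0
    for name in names:
        out.append(pc)
        pc += sizes[name]
    return out

def convert(code, string_ids):
    """Jump operands are byte offsets relative to the jump instruction;
    string_ids (the string-to-identifier map) is extended in place."""
    old_addr = addresses([op for op, _ in code], OLD_SIZE)
    # (a) record every jump and the index of the instruction it lands on
    targets = {}
    for i, (op, arg) in enumerate(code):
        if op in JUMPS:
            dest = old_addr[i] + arg
            if dest not in old_addr:  # structural check: must hit an opcode
                raise ValueError(f"jump at byte {old_addr[i]} has a bad target")
            targets[i] = old_addr.index(dest)
    # (b) specific -> generic, (c) identifying string -> unique integer ID
    generic = []
    for op, arg in code:
        if op in SPECIFIC:
            op, arg = SPECIFIC[op]
        elif op == "invokestatic":
            arg = string_ids.setdefault(arg, len(string_ids))
        generic.append((op, arg))
    new_addr = addresses([op for op, _ in generic], NEW_SIZE)
    # (d) renumber opcodes, (e) relink jumps against the new addresses
    out = bytearray()
    for i, (op, arg) in enumerate(generic):
        out.append(NEW_OPCODE[op])
        if op in JUMPS:
            out += struct.pack(">h", new_addr[targets[i]] - new_addr[i])
        elif op == "iload":
            out.append(arg)
        elif op == "invokestatic":
            out += struct.pack(">H", arg)  # 16-bit unsigned ID
    return bytes(out)

# Constructed sample: a loop whose body calls one method by name.
SAMPLE = [("iload_0", None), ("ifeq", 10), ("iload_1", None),
          ("invokestatic", "HelloSmartCard.run()V"), ("goto", -8), ("return", None)]
```

Calling `convert(SAMPLE, {})` grows the program from 12 to 14 bytes, so both jump offsets have to be recomputed; a jump whose recorded destination is not an instruction boundary is rejected before any output is produced.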